mirror of
https://github.com/duckietm/Nitro-V3.git
synced 2026-06-19 15:06:20 +00:00
duckietm
969f4a07d2
Backend (AuthHttpHandler): - New users_remember_tokens table stores sha256 hex of the raw token so the DB never holds a usable credential. Seed file adds the table and a login.remember.duration.days setting (default 30). - /api/auth/login accepts "remember": true. On success, issues a fresh 32-byte base64url token, stores the hash, returns the raw token. - New POST /api/auth/remember: accepts the raw token, looks up by hash, on a valid hit mints a fresh SSO ticket, rotates the token (deletes the consumed one and issues a new one), returns both to the client. No Turnstile - it's an automated trusted-device flow. - /api/auth/logout also accepts rememberToken and deletes that single row so other devices keep their tokens. Frontend: - LoginView: "Remember me" checkbox (key login.remember_me already in ExternalTexts). Enabling it persists the returned rememberToken in localStorage.nitro.remember.token. - App.tsx: before deciding to show the login screen, try a silent POST to /api/auth/remember with the stored token. On 200, inject the returned ssoTicket into window.NitroConfig and proceed to the authenticated flow; on 401, forget the token and show login. - PurseView logout: sends the stored rememberToken in the body so the server can delete it, and clears localStorage before reload.
